U.S. Opposes Passport Privacy Protections

November 28, 2004

WASHINGTON – The Bush administration opposed security measures for new microchip-equipped passports that privacy advocates contended were needed to prevent identity theft, government snooping or a terror attack, according to State Department documents released Friday.

The passports, scheduled to be issued by the end of 2005, could be read electronically from as far away as 30 feet, according to the American Civil Liberties Union, which obtained the documents under a Freedom of Information Act request.

Though the passports wouldn’t include transmitters of their own, they would have antennas to allow a reader to capture the data.

The ability to read remotely, or “skim,” personal data raises the possibility that passport holders would be vulnerable to identity theft, the ACLU said. It also would allow government agents to find out covertly who was attending a political meeting or make it easier for terrorists to target Americans traveling abroad, the ACLU said.

Frank Moss, deputy assistant secretary of state for passport services, said the United States wants to ensure the safety and security of Americans traveling abroad.

“We are still hard at work at ensuring the security and integrity of the data on the chip,” Moss said.

He said, however, that encrypting the data might make it more difficult for other countries to read the passports.

“It flies in the face of global interoperability,” Moss said.

In a memo drafted in August 2003, Moss dismissed objections that information could be copied remotely.

“There is little risk here since we plan to store only currently collected data with a facial image,” he wrote. “The U.S. will recommend against the use of PINs (personal identification numbers) or other methods that might be required to unlock a chip for reading.”

Moss said in a telephone interview on Friday that the passport data does not need to be encrypted because it does not include fingerprints. Stealing fingerprint data might allow unauthorized access to automatic teller machines or secure computer networks.

Barry Steinhardt, an ACLU lawyer, said skimming photographs and other data from passports does present a problem: thieves could strip away the owner’s face and replace it with their own.

“At a minimum, it should be encrypted to prevent unauthorized access by terrorists,” Steinhardt said.

Passport data can be protected by enclosing the document in a metal pouch or adding metal fibers to the cover, two options the State Department is exploring, Moss said.

The United States and other countries have been working for at least two years to set new passport standards with the International Civil Aviation Organization, a group affiliated with the United Nations that sets aviation standards.

The documents obtained by the ACLU show that information technology experts and countries including Canada, Germany, the Netherlands and Britain share the suspicion that the international standard set for the electronic passports inadequately protects privacy and security. The standards don’t require that data be encrypted.

All new U.S. passports issued by the end of 2005 are expected to have a chip containing the owner’s name, birth date, issuing office and a “biometric” identifier – a photo of the owner’s face.

The ACLU warns that the chips ultimately might contain far more data and be embedded in drivers’ licenses.

Last month, the Government Printing Office awarded contracts to four companies to develop chip packages that could be incorporated in passports. One or more companies will win a contract for the passports by year’s end, and the U.S. government will begin issuing them to officials and diplomats starting early next year.